Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2012/10/22 13:33:47 UTC

[Bug 6853] New: SURBL deprecating OB list and creating MW list on 5/1/2013

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6853

          Priority: P2
            Bug ID: 6853
          Assignee: dev@spamassassin.apache.org
           Summary: SURBL deprecating OB list and creating MW list on
                    5/1/2013
          Severity: normal
    Classification: Unclassified
                OS: Windows 7
          Reporter: kmcgrail@pccc.com
          Hardware: PC
            Status: NEW
           Version: unspecified
         Component: Rules
           Product: Spamassassin

In order to keep improving SURBL data, we plan to reorganize some of
the sublists inside the combined list multi as described below.


OB -- OB sublist to be deprecated immediately

Due to reduced effectiveness, SURBL will be deprecating the data in
the OB sublist in a multi-stage process described below, with the
timeline at the end of this announcement.

We will be emptying the OB dataset beginning immediately.  Since the
current OB data are resulting in few detections, the effect of
emptying the list should not significantly impact most production
systems that are using the data.

After the OB dataset has been empty for a period of time, we will be
replacing bitmask bit 16 that OB currently uses with a new list
described next.

SURBL would like to sincerely thank the Outblaze team and their
successor organization IBM for very kindly making the Outblaze data
available to the SURBL community for several years.  Special thanks go
to Suresh Ramasubramanian and his colleagues for their many years of
dedication in helping SURBL and the broader Internet community to stop
messaging, botnet, malware, phishing and other forms of abuse.


MW -- New malware sublist

After some time with OB data emptied, the bitmask bit 16 formerly used
by OB will be used by a new list MW which will consist of malware
domains and IPs, most of which are currently merged into the PH
list.  We had overloaded the phishing list PH with both phishing and
malware data since they were somewhat related, but several users of
SURBL data have expressed an interest in separate classifications for
phishing and malware.

Splitting those categories of data into separate sublists will make
the distinctions between phishing and malware available for the whole
SURBL community to use.  Having a separate malware sublist should
allow SURBL applications to make finer-grained, more accurate
classifications and to perform better as a result.

Some records may be on multiple lists.  For example if a site has
both phishing and malware, then it may be on both the PH and MW lists.
Overlap between any datasets has been and will continue to be
possible.



Timeline:

Deprecation of the OB dataset                   -       Immediate
Creation of the MW (malware) dataset            -       1 May 2013

The documentation on the SURBL site will be updated in the next few weeks to
reflect the changes.  It has not been updated yet.

  http://www.surbl.org/lists



Recommended action:

We recommend that SURBL application developers prepare to update their
configurations according to these changes so they are ready when the
changes are put into production on our name servers and zone files.



Please direct followup discussion to the SURBL Discussion list.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 6853] SURBL deprecating OB list and creating MW list on 5/1/2013

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6853

--- Comment #2 from Kevin A. McGrail <km...@pccc.com> ---
Created attachment 5101
  --> https://issues.apache.org/SpamAssassin/attachment.cgi?id=5101&action=edit
Diff for the patch committed in Comment 1


[Bug 6853] SURBL deprecating OB list and creating MW list on 5/1/2013

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6853

--- Comment #6 from Jeff Chan <je...@surbl.org> ---
Hi Guys, 
Not sure if the previous should have been a new ticket, etc.


[Bug 6853] SURBL deprecating OB list and creating MW list on 5/1/2013

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6853

--- Comment #4 from Kevin A. McGrail <km...@pccc.com> ---
(In reply to comment #3)
> How will this be scored? automagically handled by GA?

For the MW list, I will likely just copy the existing PH scores to start since
the list is a split of that list.


[Bug 6853] SURBL deprecating OB list and creating MW list on 5/1/2013

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6853

--- Comment #8 from Kevin A. McGrail <km...@pccc.com> ---
(In reply to comment #7)
> (In reply to comment #6)
> > Hi Guys, 
> > Not sure if the previous should have been a new ticket, etc.
> 
> This is a good ticket and the work is in process as I just collided with
> someone else's work in trunk ;-)

I uncommented the rules in 25_uribl.cf.  I believe someone else was working on
this so hopefully when the score generates, we are good to go.


[Bug 6853] SURBL deprecating OB list and creating MW list on 5/1/2013

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6853

--- Comment #3 from AXB <ax...@gmail.com> ---
How will this be scored? automagically handled by GA?


[Bug 6853] SURBL deprecating OB list and creating MW list on 5/1/2013

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6853

Kevin A. McGrail <km...@pccc.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kmcgrail@pccc.com

--- Comment #1 from Kevin A. McGrail <km...@pccc.com> ---
Step 1 - remove URIBL_OB_SURBL from rules, et al

svn commit -m 'Step 1 of bug 6853  to remove SURBL Outblaze (OB) list'
Sending        rules/25_uribl.cf
Sending        rules/30_text_de.cf
Sending        rules/30_text_pt_br.cf
Sending        rules/50_scores.cf
Sending        rules/active.list
Sending        rulesrc/10_force_active.cf
Sending        rulesrc/sandbox/jm/20_basic.cf
Sending        rulesrc/sandbox/mkettler/25_uribl.cf
Sending        rulesrc/sandbox/smf/20_smf.cf
Transmitting file data .........
Committed revision 1400858.

Step 2 - On May 1st, look at adding the rule for the MW list.


[Bug 6853] SURBL deprecating OB list and creating MW list on 5/1/2013

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6853

Jeff Chan <je...@surbl.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jeffc@surbl.org

--- Comment #5 from Jeff Chan <je...@surbl.org> ---
Date: Wed, 1 May 2013 05:54:48 -0700
To: SURBL Announce <an...@lists.surbl.org>
Subject: [SURBL-Announce] MW malware sublist added to multi, replaces OB


As announced last October, malware data has been moved from PH
to a new list MW, taking the bit of OB, which was deprecated last year.
Along with malware data, a limited set of cracked hosts also has been
moved from PH to MW, in part because cracked sites often have or
can have malware on them.

The bitmask bit 16 therefore is no longer used by OB, but is used by
MW now.  Please update configurations appropriately.  For example in
SpamAssassin, change:

urirhssub       URIBL_OB_SURBL  multi.surbl.org.        A   16
body            URIBL_OB_SURBL  eval:check_uridnsbl('URIBL_OB_SURBL')
describe        URIBL_OB_SURBL  Contains an URL listed in the OB SURBL blocklist
tflags          URIBL_OB_SURBL  net
reuse           URIBL_OB_SURBL

score URIBL_OB_SURBL 0 0.785 0 0.122

to:

urirhssub       URIBL_MW_SURBL  multi.surbl.org.        A   16
body            URIBL_MW_SURBL  eval:check_uridnsbl('URIBL_MW_SURBL')
describe        URIBL_MW_SURBL  Contains an URL listed in the MW SURBL blocklist
tflags          URIBL_MW_SURBL  net
reuse           URIBL_MW_SURBL

score URIBL_MW_SURBL 0 0.001 0 0.610


Please direct followup discussion to the SURBL Discussion list.

-- 
You are receiving this mail because:
You are the assignee for the bug.
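
Added example (not part of the original thread or of SpamAssassin's code): a Python check that parses urirhssub lines and reports rules still named for OB on bit 16, which after the cutover would fire on MW malware listings under the old OB description and score. The sample config is constructed, the PH mask of 8 in it is an assumption (the thread only states bit 16), and only numeric bitmask subtests are handled.

```python
import re

SURBL_ZONE = "multi.surbl.org"
REUSED_BIT = 16  # bit OB used until it was handed over to MW (per the announcement)

# Constructed sample: a local config that still carries the old OB rule next to PH.
# The PH mask of 8 is an assumption of this sample; the thread only states bit 16.
SAMPLE_CF = """\
urirhssub       URIBL_OB_SURBL  multi.surbl.org.        A   16
body            URIBL_OB_SURBL  eval:check_uridnsbl('URIBL_OB_SURBL')
score URIBL_OB_SURBL 0 0.785 0 0.122
urirhssub       URIBL_PH_SURBL  multi.surbl.org.        A   8
body            URIBL_PH_SURBL  eval:check_uridnsbl('URIBL_PH_SURBL')
"""


def parse_urirhssub(cf_text):
    """Return {rule_name: (zone, mask)} for each urirhssub line with a numeric mask."""
    rules = {}
    for line in cf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) == 5 and fields[0] == "urirhssub" and fields[4].isdigit():
            rules[fields[1]] = (fields[2].rstrip(".").lower(), int(fields[4]))
    return rules


def rules_hit(rules, last_octet):
    """Rule names that fire when the zone answers 127.0.0.<last_octet>."""
    return sorted(name for name, (_, mask) in rules.items() if last_octet & mask)


def stale_ob_rules(rules):
    """Rules still named for OB but bound to the bit that now carries MW data."""
    return sorted(
        name for name, (zone, mask) in rules.items()
        if zone == SURBL_ZONE and mask & REUSED_BIT
        and re.search(r"(^|_)OB(_|$)", name)
    )


if __name__ == "__main__":
    parsed = parse_urirhssub(SAMPLE_CF)
    # After the cutover, 127.0.0.16 means "listed on MW", yet the OB rule fires.
    print("rules hit on 127.0.0.16:", rules_hit(parsed, 16))
    print("stale OB rules to rename and rescore:", stale_ob_rules(parsed))
```
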

[Bug 6853] SURBL deprecating OB list and creating MW list on 5/1/2013

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6853

--- Comment #7 from Kevin A. McGrail <km...@pccc.com> ---
(In reply to comment #6)
> Hi Guys, 
> Not sure if the previous should have been a new ticket, etc.

This is a good ticket and the work is in process as I just collided with
someone else's work in trunk ;-)


[Bug 6853] SURBL deprecating OB list and creating MW list on 5/1/2013

Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6853

Kevin A. McGrail <km...@pccc.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #9 from Kevin A. McGrail <km...@pccc.com> ---
Checking in on this again after a few days.  I now show a score being
auto-generated and delivered via sa-update closing this issue:

updates_spamassassin_org/72_scores.cf:score URIBL_MW_SURBL 0.001 3.799 0.001 3.799
